Reviewing Firewall IP Tables

While onsite for an IT audit this week, I had to connect to a bank's network from three separate locations. 

At the first location, I got a couple of DHCP addresses (one for my host and one for VMWare workstation) and had no trouble getting connected to the Internet (via browser, RDP, etc.).

When I connected at the second site, I was able to get Internet connectivity from my host but not from within VMWare.  I fiddled with it for a while and finally made do.

When I connected at the third site, they told me they needed to give me static IPs since they had IP tables in their Checkpoint firewall to define what systems had Internet access.

That got me to ask why I had no problems at the first site and half a problem at the second site.  The root cause of all this was their lack of reviewing the IP table in their Checkpoint firewall.  The whole bank subnet at the first site was allowed access to the Internet (this was leftover from a merger about six months ago).  The IP address DHCP gave my host at the second site just happened to be in their list on the firewall (nobody could remember why that random address was in the table).  It's good to review your configurations or have someone else look over them, because mistakes won't necessarily be obvious.

Networking Security and Compliance audit firewall